The Obama Presidential Policy Directive 20 (PPD-20) that outlined the interagency communications required for the US to deploy cyber-weapons was reversed by President Trump, according to a report from the Wall Street Journal Wednesday 15 August.
Infosecurity Magazine contacted the White House for comment, but the Trump administration reportedly has not issued an official statement on the decision to reverse PPD-20. A National Security Council spokesman told Inside Cybersecurity that the administration was not planning on issuing a public statement.
Cyber-threats and cyber-attacks from nation-state actors require action, but planning and executing offensive actions necessary to protect US interests and assets from foreign aggressions can take months or years, said John Gunn, chief marketing officer at OneSpan. “With proper safeguards, this is a positive initiative that will raise our security.”
The US is not the first country to permit offensive techniques in order to prevent cyber-attacks from reaching its borders. Many experts, including Joseph Carson, chief security scientist at Thycotic, are in favor of cyber-offensive capabilities. Yet challenges exist in cyberspace.
“The biggest problem we have is absolute attribution to knowing who exactly carried out the cyber-attack and is it possible that it was a misdirection to put political pressure on two or more countries,” Carson said.
“We have AI and other techniques, but cyber-criminals have the ability to make it look like someone else committed the crime," Carson continued. "With cyber-mercenaries on the increase, the only way to get attribution is to go back to the old methods of having human spies who can confirm the attack happened and was initiated by aggressive cyber-countries. Many countries are already committing cyber-attacks on a large scale, and the US has been poor at responding to such attacks. For example, the attack on the DNC and OPM. My personal stance is that cyber-offensive should only be carried out by government agencies and not permitted by citizens.”
The reversal of PPD-20 also sends a global message at a critical time for the US. "The change in the US government stance on cyber weapons being used for cyber-offensive against adversaries comes just ahead of the US midterm elections. This is very likely a public indication that any nation-state who tries to hack or manipulate the upcoming elections, the US government has taken the gloves off and will respond," Carson said.